CVE-2021-42194: XEE
First published: Sun Mar 20 2022(Updated: )
The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_ load_ String function, which itself does not prohibit external entities, triggering a XML external entity (XXE) injection vulnerability.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Eyoucms Eyoucms | =1.5.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this security issue?
The vulnerability ID is CVE-2021-42194.
What is the severity rating of CVE-2021-42194?
CVE-2021-42194 has a severity rating of 7.2 (high).
What software versions are affected by CVE-2021-42194?
EyouCms version 1.5.4 is affected by CVE-2021-42194.
What is the impact of CVE-2021-42194?
CVE-2021-42194 allows for XML external entity (XXE) injection, potentially leading to unauthorized access or disclosure of sensitive data.
Is there a patch available to fix CVE-2021-42194?
Unfortunately, there is no official patch available at the moment. It is recommended to monitor the software vendor's website for updates or consider implementing mitigations suggested in the vendor's advisory or security forums.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/weakness
- agent/tags
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/eyoucms
- canonical/eyoucms eyoucms
- version/eyoucms eyoucms/1.5.4